CS423523

1
CSCD 434Spring 2009
Lecture 1 Network Course Overview
2
Contact Information

• Instructor
• Carol Taylor
• 315 CEB
• Phone 509-359-6908
• E-mail ctaylor4214_at_comcast.net
• Office Hours
• M, W 1-2 pm or most times I am in my office

3
Course Information

• Course number
• CSCD 434 Network Security
• Course Web Page
• http//penguin.ewu.edu/cscd434

4
Overview

• Todays Topics
• What is network security and how does it fit
  within curriculum?
• Where Network Security fits within the broader
  topic of general security
• Some expectations
• Learning Objectives for this course
• Pre-test of network security topics

5
Network Security and Our Curriculum

• Network Security
• How would you define it?
• Protection of networks and their services from
  unauthorized modification, destruction, or
  disclosure
• Study of both attack and defense techniques that
  affect the network

6
Network Security and Our Curriculum

• CSCD 330 Network programming
• Basic networking course with an emphasis on
  programming
• CSCD 433/539 Advanced Networking
• More depth, cover network principles, design
• Cover other protocols, real-time, QOS
• Some programming, but not really the emphasis

7
Network Security and Our Curriculum

• CSCD 434 Network Security
• Concentrates on computer networks as the focus of
  both threats and defense.
• Begin with coverage of Attacks and Attackers
• Look at what they typically do to gain access to
  computers on a network
• Examine different phases of an attack
• Learn about tools and techniques attackers use
• Try some out in the lab
• Try to answer, Why do they attack?

8
Network Security and Our Curriculum

• Network Security continued
• Then, move on and talk about Defense Mechanisms
  against attackers
• Detection/Prevention Network security policies
• Authentication, users and machines
• Firewalls and Intrusion Detection
• Use of Cryptography as network defense
• What is its real value?
• Where it works and where it doesnt work

9
General Computer Security

• How do you define computer security?
• The application of hardware, firmware and
  software security to a computer system in order
  to protect against, or prevent, unauthorized
  disclosure, manipulation, and deletion of
  information or denial of service
• The protection resulting from all measures to
  deny unauthorized access and exploitation of
  computer systems

10
General Computer Security

• Where does network security fit within a security
  curriculum?
• Introductory Security class, CSCD396
• Basics of computer security, code and hardware
  vulnerabilities, OS protection mechanisms,
  cryptography based protection, authentication
• Cryptography class (we teach this )?
• Algorithms and math behind the use of
  cryptography in security

11
General Computer Security

• Computer or Digital Forensics (We dont teach
  this)?
• Capture data related to proof of electronic
  crimes
• Recoverability of data from both host and network
• Secure Coding (will be taught by Tom Capul)?
• Learn how to avoid software vulnerabilities
• Attacks that can take advantage of code
  vulnerabilities and how to create more secure
  programs

12
Network and General Security
Overlap of Topics
Cryptography
Secure Coding
General Security
Network Security
Forensics
13
Pre-requisite Knowledge

• Pre-requisites
• Network course
• Should know basic TCP/IP networks
• Knowledge of programming such as C, C or Java.
• We will review some networking concepts
• Point you to some supplemental material on TCP/IP
  Networks to fill in the gaps

14
Student Learning Objectives

• At the end of this course you should
• Understand threats to computer systems through
  the network
• Understand and be able to set up defense
  mechanisms used to counteract the threats
• Understand role of cryptography in network
  defense
• Know how to continue learning about network
  security beyond this class
• Certifications, Journals, Web Sites

15
Expectations for Students

• Come to Class
• Listen, learn and ask lots of questions
• Download lecture notes
• Do reading if assigned
• There will be some outside reading
• More in-class participation
• Group exercises in class
• Can do a group for the class project if desired
• Labs on material 1 Lab per week
• Discussions of current topics

16
Expectations for Students

• Undergraduates
• Can do a project
• Programming or experiment
• Write up of results
• Or
• Can do a research paper
• Survey paper about a security topic
• For either, Presentation of your results to the
  rest of the class

17
Expectations for Students

• Graduates
• Will write either a paper related to network
  security or
• Can do project and write-up
• You also will review several professional papers
  and write reviews
• Presentation of results to the rest of the class

18
Expectations

• My role is as a guide for learning network
  security
• This topic is large, not well-defined and
  constantly in flux
• I want you to help contribute materials
• Interesting links, articles, web sites or
  personal experiences
• You will create your own Web pages for computer
  security
• Will post links to your pages on our class Web
  page so students can view each others pages

19
Expectations

• Class Wiki for Sharing information
• Details about this will be forthcoming
• Should help with sharing information for entire
  class
• I will add more links on main class page with time

20
Conclusion

• Should be a good class and increase everyones
  knowledge of network security
• This topic is challenging in its broadness and
  speed with which it changes
• Nothing is particularly difficult, but is a large
  topic
• Naturally interdisciplinary
• Extends beyond the technical
• Social and people-related issues
• Policy and laws
• We will cover some of this

21
The End

• This week no Lab
• Next Time
• General Security Overview